Updated: Multiple servers used to maintain and distribute the Linux operating system were infected with malware that gained root access, modified system software, and logged passwords and transactions of the people who used them, the official Linux Kernel Organization has confirmed.

The infection occurred no later than August 12 and wasn't detected for another 17 days, according to an email John "Warthog9" Hawley, the chief administrator of kernel.org, sent to developers on Monday. It said a trojan was found on the personal machine of kernel developer H Peter Anvin and later on the kernel.org servers known as Hera and Odin1. A secure shell client used to remotely access servers was modified, and passwords and user interactions were logged during the compromise.

and there's more at the above link if you want to go read it.
-------------------------------------------------------
If this can be accomplished with the Linux Kernel Org., there is no reason to even think it can't happen to the Puppy community.

Myself, running strictly Linux, no Windows, even my HDD is formatted for Linux Only, have in the past week experienced some odd behavior; it started when running one of the more-recent Puppy versions...

I run two (2) drives in my system- a regular CD ROM drive and a DVD ROM R/W drive. I very seldom use the CD ROM drive except for duping an occasional CD. The DVD ROM is my main drive where I boot all puppy versions from.

The odd behavior is my CD ROM drive randomly opening and closing, sometimes in the morning, sometimes in the evening, but for sure like clockwork every day at various times. It repeats opening and closing 3 or 4 times before stopping and staying open for some time; if I leave it, eventually it will close and repeat the process. I (at present) do not believe it's malware on the HDD as I have 3 HDDs... 2 running different versions of Puppy, 1 running JoliOS, and the same thing is happening on one of the Puppy HDDs AND the JoliOS HDD (haven't used the 3rd HDD as yet). I am more suspicious of a hacker trying to gain access to my system. This behavior has all the symptoms of a VIRUS, but a hacker could just as easily replicate the process.

At this time it appears no damage was done to my system or the programs I use, and I am still going through files to search for malware just in case! If the Linux Kernel.org can't figure out what exactly happened to them, I doubt I'll ever find it if it is in fact malware hopping around between these two HDDs.

About two years ago when I was running XP Windows, a hacker gained access and 'Flashed My BIOS or motherboard'. Nothing would fire that system up again! I actually watched him trying to gain access to my computer for over a week, but I had the best AV installed at the time so thought it was kind of funny. 'He Won!' and I learned another good lesson in life! So hackers can cause damage without even gaining access to your system or HDD.

At any rate, I'm still using that version of Puppy, mostly with the CD ROM disconnected completely, and trying to find out what's going on. In the meantime, if anyone else is having odd things happening to their computer, please take the time to post it; maybe a pattern of sorts will help determine exactly what's going on.

One thing for sure, it's not a joke or laughing matter any more, we've got to beef up Puppy somehow.

I have an easy test for you if you like. Put a Puppy CD into your PC, boot it with pfix=ram, so it's just Puppy, and let it run for a day. If you still have drive opening and closing issues, I'm gonna say it's a hardware issue on your machine, and nothing to worry about, at this stage.

If you wanted to test further, you could add things one at a time to replicate your current setup, web browser, flash etc. If something happens at the instant of installing that one component, then you know that is the security hole.

1. I clicked on a link here at the Puppy forums...
Was taken to a webpage to play a video...
Video began playing.
About 1/3 of the way in, strange things began to happen.
Pmount window opened...
The file system on the Puppy CD-RW was mounted.
A ROX window opened displaying the files on the CD.

2. I closed the Pmount window.
Closed the ROX window.
Opened the drawer of the DVD-RW drive and removed the CD.

3. Multiple Pmount windows began to open one after the other.
Tried closing them down, but more kept on opening.

4. Hit Ctrl+Alt+backspace to drop to a command prompt and entered the command reboot.

5. Once back into Puppy, the problem was still there.
Decided my lupusave [for Lupu-526] had been compromised, so...

6. Rebooted into Wary-513...
Deleted the lupusave in use, and replaced it with a recent backup copy.

7. Rebooted into Lupu-526, and used the new lupusave, and the problem was GONE!
Or at least there were no longer any signs of a problem.

Yes... I realize it could just be a hardware problem, possibly the CD drive is failing as it is old but, the symptoms for a virus and HD fail are identical so everything must be checked, which I'll be doing, even the BIOS itself! That back-door the kernel.org left open in their builds could give us headaches for some time to come I'm afraid.

Quote:

1. I clicked on a link here at the Puppy forums...
Was taken to a webpage to play a video...

Sylvander, I had similar difficulties, and I bet we clicked the same link to the same story - one posted where a puppy user was having trouble playing a video from a French TV station?

I also went there, and found that my drive lights kept coming on. C drive would run, then any attached USB drives would light up. Sort of cycling through all my attached peripheral drives. Believe I was running Lucid 5.2.5 at the time. Started over with a new savefile, and the problems stopped. Very odd. Always wondered if there was some sort of a menacing Flash virus there.
_________________
"Everywhere is within walking distance, if you have the time." - Steven Wright

I hate to keep beating a dead horse, but if you guys had been running Puppy from a multisession DVD when you suspected you caught some malware, all you'd have to do to get rid of it, no harm done, is reboot without saving.

Quote:

I hate to keep beating a dead horse, but if you guys had been running Puppy from a multisession DVD when you suspected you caught some malware, all you'd have to do to get rid of it, no harm done, is reboot without saving.

That is true, and sure, I can buy some adapter that does allow me to run an external CD or DVD player on my Netbook that is too small to have a standard CD/DVD player in it.

But I hate the sound of things that spin, so I place my computer high up on a book shelf, hidden so it is barely audible even when the fan starts whining. Burners when they spin can be rather noisy.
_________________
I use Google Search on Puppy Forum
not an ideal solution though

Flash,
You better stop beating that dead horse. It just might come back from the dead and stomp you.
Your case will only help those that do not have a hard drive or USB storage device attached.
If a site is mounting any storage device it finds on your PC, it also has a chance to inject malware to that mounted device.
The best thing is to stay away from sites that try to mess with your PC.

To be truly secure in being set up like you, one would have to remove all storage devices from the PC except for the DVD/CD drive and only attach a storage device long enough to save data that one did not want to be part of their session on a multi-session CD/DVD.

I trust 8-bit on this. I have read a lot about it out of curiosity, and even if that does not make me an expert, as I remember everybody agrees with 8-bit on that.

Quote:

Your case will only help those that do not have a hard drive or USB storage device attached.

If a site is mounting any storage device it finds on your PC, it also has a chance to inject malware to that mounted device.
The best thing is to stay away from sites that try to mess with your PC.

But 8-bit, you are way too optimistic. The experts say that each week some 10 000 to 100 000 perfectly normal sites that have nothing to do with places one should not visit do have injection scripts that use clever ways of infecting our computers.

Google does warn about some pages. They tell me they have code in them.
So usually I don't go there regardless of whether I find it interesting.

Say it is a page about atheists and Christians fighting about whether Jesus really existed, but some criminal has placed such bad code on it without the owner realizing it. Then I want to read it but not get the bad code.

So I try to find the same text on another site that they don't warn has that code.

Edit. I know I write bad English but I am more used to read in English
than I am used to read in Swedish so even if I stumble on a lot of English words I do prefer to read in the original English text and not rely on bad translation. I could accept to have a parallel text though. To see the original and only have to look at translation when needed.

It could be quite interesting to get one of those malicious webpages
and download it using 'curl' and then analyzing the webpage's source.

I think it would be safe to "get" the webpage as follows:

curl -i -X GET http://The_suspect_page.htm > /some/dir/SomeName.txt

Then reading it with Geany.
I suspect that it would be safe to download the page like that as there is no
web browser involved, but since I don't exactly know the inner workings
of curl and GET, I would appreciate comments from those that know more
about this.
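An added example, not part of the original post: curl only transfers bytes and does not render HTML or run script, so the saved file can be inventoried as plain text. The sketch below splits the header block that `-i` prepends from the body and lists the active-content tags and run-time JavaScript calls worth reading by hand; the sample capture, the tag list and the names `Inventory` and `triage` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample of a `curl -i` capture: status line, headers, blank line, body.
SAMPLE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    "<html><body><h1>News</h1>\n"
    "<script src='http://cdn.example/lib.js'></script>\n"
    "<iframe src='http://other.example/x' width='0' height='0'></iframe>\n"
    "<script>document.write(unescape('%3Cb%3Ehi%3C/b%3E'));</script>\n"
    "<embed src='movie.swf' type='application/x-shockwave-flash'>\n"
    "</body></html>\n"
)

ACTIVE_TAGS = {"script", "iframe", "embed", "object", "applet"}
# Calls often used to build markup or code at run time; worth a manual look.
DYNAMIC_JS = re.compile(r"\b(eval|unescape|fromCharCode|document\.write)\b")

class Inventory(HTMLParser):
    """Collects active-content tags and dynamic-JS calls; executes nothing."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ACTIVE_TAGS:
            src = a.get("src") or a.get("data") or "(inline)"
            hidden = a.get("width") == "0" or a.get("height") == "0"
            self.findings.append((tag, src, "hidden" if hidden else ""))
        self._in_script = (tag == "script")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for m in DYNAMIC_JS.finditer(data):
                self.findings.append(("inline-js", m.group(1), ""))

def triage(raw):
    """Split the header block from the body, return (status line, findings)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parser = Inventory()
    parser.feed(body)
    parser.close()
    return head.split("\n")[0], parser.findings
```

For a real capture, call `triage(open("/some/dir/SomeName.txt", errors="replace").read())` and review each finding in a plain text editor.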

Them comparing many different AntiVirus products for Linux.
I fail to find that thread now. Have searched for some 4 hours.